The Consumer Financial Protection Bureau (CFPB) has finalized a proposed rule that will eliminate the need for certain financial institutions to mail annual privacy notices to their customers, so long as the institutions publish their privacy notices online and engage only in limited sharing of customer information.
On Tuesday, October 28, Natalia Gulyaeva of Hogan Lovells’ Moscow office and Bret Cohen of our Washington, D.C. office will host a complimentary webinar outlining implications for businesses of the new Russian data localization law. The law, which may come into effect as early as January 2015, requires that data “operators” – organizations that process personal data of Russian citizens, including providers of Internet-based services – store the personal data of Russian citizens on databases located in the country.
The Conference of the German Federal and State Data Protection Authorities during its last meeting on 8 and 9 October adopted the resolution “Data Protection in the Car”. The resolution expresses a concern about what it describes as privacy risks involved in the growing collection and processing of personal data in cars, and the interests of various actors (car manufacturers, service providers, insurance companies, employers) in using those data.
Corporate boards and senior management are more focused than ever before on cyber incident prevention and preparedness. Recently thecorporatecounsel.net, an influential resource for corporate governance lawyers, addressed this topic in a program titled “Cybersecurity: Working the Calm Before the Storm,” describing what the board and senior management can do to prepare for the inevitable cybersecurity breach. The program featured Hogan Lovells Partner Harriet Pearson.
To read the transcript, click here.
To listen to “Cybersecurity: Working the Calm Before the Storm” (subscription required), click here.
From 13 to 16 October 2014, privacy regulators and data protection authorities from around the world will be gathering together with experts in the field – including our London-based partner Eduardo Ustaran – to discuss, debate and hopefully agree on how to address the toughest privacy challenges of our time. The 36th International Conference of Data Protection and Privacy Commissioners is entitled “A World Order for Data Protection – Our Dream Coming True?” This year’s conference is taking place in Mauritius, a clear sign of the truly global nature of this issue.
The Federal Trade Commission (FTC) recently submitted comments to the Federal Communications Commission (FCC) in which it reminded broadband Internet service providers that they are subject to several data privacy and security laws enforced by the FTC. The FTC’s comments underscore why broadband providers – as well as their vendors and business partners – must keep a close watch on both FCC and FTC developments in the privacy and security space.
Government officials emphasized the importance of risk analysis and risk management in safeguarding PHI at the Seventh Annual “Safeguarding Health Information: Building Assurance Through HIPAA Security” conference held from September 23–24, 2014, and co-hosted by the National Institute of Standards and Technology (NIST) and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR). The following themes emerged during the conference:
The 2009 HITECH Act mandated that the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) conduct periodic audits of covered entities and business associates for compliance with HIPAA privacy and security requirements. In 2012, OCR conducted a pilot audit program involving 115 covered entities. In February 2014, the agency issued a notice in the Federal Register announcing its plan to survey up to 1,200 covered entities and business associates to select organizations for the next round of HIPAA audits.
On August 27, 2014, the National Institutes of Health (NIH) issued a new Genomic Data Sharing (GDS) Policy, which replaces the current genome-wide association study (GWAS) data policy that was instituted in 2007. The GDS Policy applies to all NIH-funded research that generates large-scale human or non-human genomic data as well as the use of that data for subsequent research. As discussed below, the Policy promotes the use of broad informed consent for future study and sharing.
The “Right to be Forgotten” ruling issued by the European Court of Justice in May 2014 has been a key source of controversy this summer. Much criticism has explored the impact of the ruling on freedom of expression and the right of access to information. In an article published in the Privacy and Data Protection Journal, Eduardo Ustaran, Partner in Hogan Lovells’ Global Privacy and Information Management Practice, unpacks the wider implications of the ruling to focus on key legal-applicability considerations for businesses with subsidiaries in the EU. The article also considers how the ruling will impact legislative debate on the forthcoming EU Data Protection Regulation.
To read “The Wider Effects of the ‘Right to be Forgotten’ Case,” click here.